Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Re-implement signedBlobReadUrl with a getAccountSAS call #259

Merged
merged 5 commits into from
May 26, 2019
Merged

Re-implement signedBlobReadUrl with a getAccountSAS call #259

merged 5 commits into from
May 26, 2019

Conversation

mikhailshilkov
Copy link
Member

Fixes #258

lukehoban
lukehoban approved these changes May 24, 2019
View reviewed changes
Copy link
Member

@lukehoban lukehoban left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

Do you know if this changes the format of the code URL? If so, that will cause Functions to be updated when this is adopted to point to the new URL (pointing to the same code). I think that's okay - but curious whether that's what we expect to happen or not.

@mikhailshilkov
Copy link
Member Author

mikhailshilkov commented May 24, 2019
edited
Loading

Do you know if this changes the format of the code URL?

Yes, it will, the URL will be different. Both parameter order and values are different.

Note that we are using a SAS on a different level - account not a specific blob. Fine-grained SAS tokens aren't supported. This puts us into a worse position security-wise. Should be fine for accounts auto-created inside our Serverless code, but doesn't feel great anyway.

CyrusNajmabadi
CyrusNajmabadi reviewed May 26, 2019
View reviewed changes
sdk/nodejs/storage/zMixins.ts
@@ -40,8 +40,8 @@ export function signedBlobReadUrl(blob: Blob | ZipBlob, account: Account): pulum
const signatureExpiration = "2100-01-01";

return pulumi.all([account.name, account.primaryConnectionString, blob.storageContainerName, blob.name]).apply(
([accountName, connectionString, containerName, blobName]) =>
getAccountSAS({
async ([accountName, connectionString, containerName, blobName]) => {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks!

@CyrusNajmabadi CyrusNajmabadi merged commit d61e911 into pulumi:master May 26, 2019
@CyrusNajmabadi
Copy link
Contributor

Thanks much!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@CyrusNajmabadi CyrusNajmabadi CyrusNajmabadi approved these changes

@ellismg ellismg ellismg left review comments

@lukehoban lukehoban lukehoban approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Expose signedBlobReadUrl function
4 participants
@mikhailshilkov @CyrusNajmabadi @lukehoban @ellismg